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BACKGROUND OF THE INVENTION 

1. Field of the Invention 

The present invention relates to a method and arrangement for remotely accessing 
5 password-protected services in a data communication system. 

2. Description of Related Art 

^0 Reliable identification of the user is an essential prerequisite for permitting access 

J"" to many services, such for example as bank services, that are commonly provided in a general 
|t& telecommunication network or other data network. Because the use and consequences of use of 
such services may involve significant economic ramifications, it is essential that the service 
provider be able to ascertain and validate a user's identity, and/or the user's right to access and 
%l use the service, before making the service available to that user. 

Very often, e.g. in conjunction with bank services, the identification of the user is 
15 effected and confirmed by means of passwords, and often these passwords are expendable. In 
commonly-used arrangements, the service provider or an identifying party authorized by the 
service provider has given the user beforehand a number of single-use passwords (e.g. four-digit 
numbers), one of which the customer uses each time he or she needs to access or use the service. 
When the previously-provided list of passwords is or is about to be exhausted, the service 
20 provider (or a party auttiorized by the service provider) sends the user a new list of passwords. In 
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this maimer, the user always has a sufficient number of passwords on hand to satisfy his or her 
near-future needs. 

A feature typical of prior-art solutions is that the user or customer is required to 
manually input an expendable password when loggmg on to the bank's or service-provider's 
5 server. Often the password is entered by selectively depressing the keys of a telephone set, 
thereby causing the data to be transmitted to the server using tone frequency transmissions 
employing the so-called DTMF (dual tone multifrequency) codes. In addition, there are many 
other methods for transmitting a password, such as the short-message service available m GSM 
jO (Global System for Mobile Communications) networks; as used herein, the term GSM network is 
Ifz intended to refer to any mobile communication system based on the GSM specifications. In any 
event, the essential pomt is that the user is required to manually ii^ut the password which is time 
consuming and, in many cases, may be quite difficult for the user. 

Another feature typical of prior art sohitions is that the service provkier must from 
J^i time to tune provide the user with a new set of passwords by using a relatively unreliable 
15^" transmission mechanism, most commonly by mail. In such situations the letter contaming the 
passwords may end up in the wrong hands, thus compromising security. 
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OBJECTS AND SUMMARY OF THE INVENTION 

It is accordingly the desideratum of the present invention to overcome the 
problems and difficulties inherent in prior art systems and practices as described hereinabove. 
5 It is a specific object of the invention to provide a completely new procedure and 

system for effecting the transmission of passwords between a user's telephone apparatus and a 
service-provider's server. 

A further object of the invention is to facilitate the use of remotely-accessible 
services that require passwords by reducing the number of routmes that necessitate user 
ll>^ interaction to attam access to and use the services without compromismg the safety and security of 
^ the services. 

, The procedure of the invention for accessing a service in a data communication 

OJ system is mtended for use in systems m which the service provider provides to the user of a 
service a number of expendable passwords by means of which the user can access the service via 
Ifr^ a telecommunication and/or data network, a connection is set up from a terminal device to a 
server and a password is sent or supplied to the server at log-on to the service, the password is 
identified and verified by the server, and access to the service is then allowed or denied based on 
the supplied password. 

In accordance with the inventive procedure, a set of passwords is stored in the 
20 terminal device, the proper or appropriate password is selected from the stored set of passwords 
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at log-on to a predetermined service, and the selected password is automatically added to a 
connection setup signal or string for transmission from the termmal device to the server. 

Correspondingly, in the inventive system, the terminal device comprises means for 
storing a set of passwords and for selecting the proper or appropriate password from the stored set 
5 of passwords at log-on to a predetermined service for automatic addition of the password to a 
connection setup signal or string which is then transmitted from the terminal device to the server. 

The present invention advantageously provides a completely new type of 
mechanism for the transmission of passwords between a user's terminal - such as a telephone set 
,n or device or apparatus ~ and a server of the application or service provider. A further advantage 
1©- of the invention is that it facilitates access to and use of services that require passwords for access 
,4 by reducing the number of routines that necessitate user interaction in conjunction with attaining 
access to and use of the services. This is accomplished without any compromise in the safety or 
:! I security of the services . 

In one or various embodiments of the inventive procedure, a number of features 
15" are or may be implemented. For example, used passwords from the stored set of passwords may 
be registered or recorded. In addition, the set of passwords in the terminal device may be updated 
from the server via the telecommunication and/or data network. Furthermore, an order or request 
for a new set of passwords may be automatically sent to the server from the terminal device when 
the previous set of passwords has been exhausted. It is also contemplated that several sets of 
20 passwords corresponding to the different services may be stored in the terminal device and, 
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during or in connection with setup, the particular set of passwords corresponding to and for use 
with each service to be accessed is automatically selected. 

Similarly, a number of features are intended for implementation in one or more 
embodiments of the inventive system. Thus, the terminal device may mclude or con^rise means 
for registering or recording those of the passwords m a set of passwords that have abeady been 
used. The server may comprise means for updating the set of passwords in the terminal device 
via the telecommunication and/or data network, and the terminal device may comprise means for 
receiving a set of passwords from the server or otiier remote source via die network. The 
terminal device may additionally comprise means for automatic ordering, via the network, of a 
new set of passwords from the server when the previous or existmg stored set of passwords has 
been exhausted. 

The terminal device may also comprise means for storing several sets of passwords 
each corresponding to or for use with one of a pluraUty of different services accessible by the 
user, and it may furthermore comprise means for automatically selecting die appropriate 
particular set of passwords corresponding to or for use with each specific service to be accessed 
or used. 

In flie practice of the invention, die data communication system may comprise a 
wired network and the terminal device a telecommunication terminal, such as a telephone, m die 
wked network. In some embodunents of the system, the data communication system comprises a 
mobile communication network, such as a GSM network, and the terminal device is a mobile 
station, such as a GSM telephone. Where die terminal device is a GSM telephone, die means for 
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implementing and utilizing the password management fimctions may be disposed in a subscriber 
identity module, such as a SIM card, in the form of programming or software operable to perform 
the intended operations and fimctionalily. 

In the same or other embodiments of the mventive system, the transmission of 
passwords in the connection setup between the subscriber identity module and the service may be 
effected by making use of the subscriber number. The software of the subscriber identity module 
may be designed to identify the service on the basis of its identifier data, such as the telephone 
number used to access the service, and to add or append a predetermmed number of additional 
digits forming or providing the appropriate password to the end of the telephone number of the 
service durmg call semp. The subscriber identity module may fiirthermore be provided with or 
store a service directory containing mformation specifymg the services, the service identifier data 
and the names of the password files to be used in conjunction with the particular services. Such 
service directory may also be provided with a pointer for each service, the pomter being arranged 
to pomt to the first unused password in the set of passwords and, after that password has been 
used, to move on or be mcremented to then point to the next unused password in sequence. 

In fiirther accordance with the inventive system, the mechanism for ordering new 
passwords and for transmitting them between the server and the subscriber identity module may 
comprise or utihze the short-message service (SMS-PP service) of a GSM network. 

Other objects and features of the present invention will become ^parent from the 
following detailed description of the invention as applied to preferred embodiments thereof. 
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DETAILED DESCRIPTION OF THE CURRENTLY PREFERRED EMBODTMRNTS 



The invention has for its basis the provision in or to a terminal device in a data 
communication system - as for example a wired or mobile telephone set or apparatus - of an 
extra module, either physical or logical, implementing operative functionality that creates or 
inserts additional signals in the communication between the telephone apparatus and the server in 
conjunction with a connection setups signal or procedure related to a service, and/or additional 
fields and/or components or equivalent in the communication between the telephone apparatus and 
the server. An expendable password, required to obtain access to the service, is in accordance 
with the invention transmitted in these additional signals or fields or components. This password 
transmission is carried out automatically without user action or intervention or, indeed, 
awareness. The module registers or records each password that is used and therefore always 
knows which is the correct password to be used for each particular log-on. The user will find this 
type of service notably easier and less mtrusive to use, but in respect of data security it provides 
substantially the same level of security as services m which the user must manually input the 
necessary password(s). The additional module is also able or operable to receive new passwords 
from the server and to order or initiate a request to the server for new passwords when necessary. 

This module in the telephone apparatus may furthermore support simultaneous 
access to multiple services each requiring expendable passwords. For this purpose, the additional 
module of the invention may contam a directory of supported services - in short, a service 
durectory - which is used to identify, in a user's attempt to mitiate a remote access connection. 
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that the attempted connection is to a service that requires expendable passwords and to locate the 
correct list of passwords for that service and, in addition, to locate the correct position in the 
password list so that the proper password is transmitted to the service for access. 

The preferred embodiment of the inventive system comprises a mobile station, 
such as a GSM telephone, whose subscriber identity module (SIM) contams a software-based 
appHcation that uses SIM Application Toolkit commands to accomplish and provide, in 
conjunction with an otherwise substantially-conventional GSM telephone or the like, the additional 
functionality provided in accordance with the invention, as for example described hereinabove. 
The password transmission mechanism employed in conjunction with the semp of a service 
connection between the SIM card and the remote server of the service provider uses, in a 
preferred embodiment, the called-subscriber number, i.e. the so-called B-identifier. The 
application on the SIM card uses the "Call Control by SIM" command as defined in the TS GSM 
11.14 specification, and m practice the inventive application processes each called-subscriber 
number; m other words, it compares the called-subscriber number with the numbers stored in the 
service durectory and, when it detects that a call is addressed to one of the stored numbers (i.e. 
one of the numbers associated with a service requiring a password to attain access), it appends to 
the end of the telephone number a required or predetermined number of additional digits m which 
the expendable password is encoded or otherwise represented. For example, when the user is 
making a call to the number 0800-XYZ- 123456, and that number is identified by the inventive 
apphcation as one present m the stored Usting of numbers, the application on the SIM card will 
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change the number to the form 0800-XYZ-123456-KLMN, which the last four digits (KLMN) of 

the modified number are or represent the expendable password that is added by the SIM card. 

The service directory may be implemented as a special file on the SIM card. The 

special file contains information specifying the services supported, their identifier data and the 
5 names of the password files to be used in conjunction with the various supported services. 

Moreover, for each service, the service directory contams a pomter that points to the current 

position in the corresponding locally-stored list of passwords. Table 1 presents an example of the 

information elements that may be included in this special file. 
;0 With specific reference to Table 1, and by way of ilhistrative example, service 1 is 

Sib identified in accordance with the invention from the fact that the user is calling the number 
i;i 0800123. The application knows that it must append to the end of that number an expendable 

password, which password is found in the file 2FF5 that contains a total of 100 passwords. In 
|j this instance, and at this time, the current password to be used is the thirteenth one listed in the 
n file 2FF5. 
15 

Service Identifier Method 

1 BID 

2 BID 

3 SMS 

Table 1. Service 



Identifiers Name of Password Pointer Total Number of 

Associated With File Passwords 
Method 

0800123 2FF5 13 100 

0800456 2FF4 11 100 

SMSC:+02 2FF6 2 9 

0202800 
BID:8756 

directory as used in an embodiment of the invention 
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The server in the public telecommunication network thus receives the expendable 
password in the signaling data transmitted through the telephone network. The server tekes the 
last four digits of the B-identifier and assumes that they constitute or provide an expendable 
password. The server then compares the expendable password thus obtained with its own 
mformation as to what should be the user's next password. This extraction of the password digits 
and comparison with its own stored date may be carried out by any currently-known or otherwise 
suitable methods. 

If the particular service requires the use of a user name at log-on to the service, the 
service du*ectory may additionally contain stored user names for each listed service. The user 
name may, for example, also be appended to the connection setup signal in the same manner as 
the password. 

To effect the transmission of new passwords between the server and the inventive 
software-based appUcation on the SIM card, the SMS-PP (short messaging) service of the GSM 
network may be employed. Transmission by the SIM card of an order for new passwords may be 
carried out using the SMS-PP/MO (Mobile Originated) service with the passwords then 
transmitted to the SIM card using the SMS/PP-MT service. 

The functionality of the inventive application may be divided between three 
operative modules. The first module, an appending module, recognizes ~ as from the subscriber 
number used to access the service - the need to add an expendable password and sends a request 
to locate the password to a password search module. Once the search module has identified the 
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proper or appropriate password, the appending module appends the expendable password that it 
has received to the B-identifier and allows the call to fiirther proceed from the telephone 
apparatus. 

In the most preferred embodiment of the invention, the third module, for adding 
new locally-stored passwords for use in accessmg one or more remote services, operates 
completely independent of the other modules. In practice, it monitors the SMS Data Download 
traffic consistent with TS GSM 11.14 version 5.1.0 as received by the SIM card and detects the 
appearance of new passwords on the card. The module for adding new passwords stores the new 
passwords received in the SMS Data Download message to a suitable special file on the SIM card 
and enters an appropriate addition to the service directory to enable die search block to locate the 
new passwords. This new password file may comprise a combination that contains the last 
unused passwords of the previous file and the conq)letely new passwords just received. 

Those skilled in the art will appreciate that the various fiinctions and operations 
performed by or at the user's terminal device are generally anticipated and intended for 
implementation in software operatively utilized in conjunction with otherwise substantially 
conventional hardware. Likewise, the server functionality required or appropriate to support and 
in accordance with the invention will generally be implemented m software at the server. In a 
GSM telecommunication system m which the termmal device comprises a mobile telephone 
handset, the software implementing the inventive terminal operations and functionality may in a 
preferred embodiment be carried or stored on the SIM (subscriber identity module) card 
associated or used with the mobile handset which may m other respects be of conventional 
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construction. Although the invention may alternatively be practiced using dedicated hardware 
modules forming a part of the terminal device and constructed specifically for performing the 
respective operations that characterize the invention, in preferred forms of the inventive method 
and apparatus such fimctionalily is inplemented through programming or software that is operable 
to carry out those operations. In either case, the particular details and design of the hardware or 
software is substantially a matter of design choice and its construction and/or design is, given the 
within disclosure of the invention, considered to be well within the ordinary abilities of those 
skilled in the relevant arts. No specific disclosure of suggested construction or design details is 
accordingly provided herein or deemed necessary to enable ready practice of the invention. 

Thus, while there have shown and described and pomted out fundamental novel 
features of the invention as applied to preferred embodiments thereof, it wiU be understood that 
various omissions and substitutions and changes in the form and details of the methods 
described and devices disclosed, and in their operation, may be made by those skilled in the art 
without departing from die spirit of the mvention. For example, it is expressly intended that 
all combinations of those elements and/or method steps which perform substantially the same 
function in substantially the same way to achieve the same results are within the scope of the 
invention. Moreover, it should be recognized tiiat structures and/or elements and/or method 
steps described in connection with any disclosed form or embodiment of the invention may be 
incorporated in any other disclosed or described or suggested form or embodiment as a general 
matter of design choice. It is the mtention, therefore, to be lunited only as indicated by the 
scope of the claims appended hereto. 
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CLAIMS 

We claim: 

1. A method for remotely accessing a service provided by a server in a data 
communication system in which remote access to the service from a terminal device of a user of 
the service requires transmission to the server of a vahd expendable password at log-on to the 
service, comprising the steps of: 

providing the user of the service v^th a set of expendable passwords for 
remotely accessing the service via a network of the data communication system; 

storing the provided set of expendable passwords on the terminal device of 

the user; 

setting up a connection via the network to the server from the terminal 
device to enable use of the service by the user from the terminal device; 

selecting from the stored set of expendable passwords, automatically by 
the terminal device at user log-on to the service, one of the stored passwords for use in logging- 
on to the service; 

transmitting the selected password to the server by adding the selected 
password to a connection setup signal transmitted from the terminal device to the server via the 
network to remotely log-on to the service from the terminal device of the user; 
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receiving the connection setup signal at the server and identifying, in the 
connection setup signal, the selected password transmitted from the terminal device of the user; 
and 

vaUdating the identified password at the server for one of allowing and 
5 denying access to the service from the terminal device based on said validating of the password. 

2. A method in accordance with claim 1, fiirther comprising the step of 
registering, at the terminal device, each of the stored passwords when said each password is used 
to remotely log-on to the service from the terminal device to thereby prevent unintended reuse of 

10 a used password. 

3. A method in accordance with claim 1^ finther comprising the step of 
updating the expendable passwords stored on the terminal device by transmitting a new set of 
expendable passwords from the server to the terminal device via the network. 

15 

4. A method in accordance with claim 1, further comprising the step of 
transmitting, from the terminal device to the server via the network, an order for a new set of 
expendable passwords when each of the passwords stored on the terminal device has been used 
to remotely log-on to the service from the terminal device. 

20 

5. A method in accordance with claim 1 , 
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wherein said step of storing comprises storing on the terminal device of 
the user a plurality of sets of expendable passwords, each of said sets comprising a plurality of 
expendable passwords for use in accessing a corresponding one of a plurality of remotely- 
accessible services available to the user; and 

wherein said step of selecting comprises selecting a one of said plural sets 
of stored passwords for use with the corresponding one of the plural services to be accessed by 
the user and selecting jfrom the selected one of the plural sets a one of the stored passwords of the 
selected set for use in logging-on to the corresponding one of the plural service. 

6. In a data communication system in which a remote user of a service 
provided by a server on a network of the system is required to transmit to the server a valid 
expendable password, from a set of expendable passwords provided to the user, in order to 
obtain remote user-access to the service via the network, the improvement comprising a terminal 
device connected to the network for use by the user in remotely accessing the service via the 
network, said terminal device comprising: 

storage means for storing at the terminal device the set of expendable 
passwords provided to the user for use in remotely accessing the service from the terminal device 
via the network; 

selecting means for automatically selecting, from the stored set of 
expendable passwords at user log-on to the service, one of the stored passwords for use in 
remotely logging-on to the service from the terminal device; and 
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adding means for automatically adding, to a connection setup signal to be 
transmitted from the terminal device to the server over the network to remotely log-on to the 
service from the terminal device of the user, the one of the stored passwords selected by said 
selecting means. 

5 

7. In the data communication system of claim 6, said terminal device ftirther 
comprising means for registering, at the terminal device, each of the stored passwords when said 
each password has been used to remotely log-on to the service from the terminal device to 
thereby prevent unintended reuse of a used password. 

10 

8. In the data communication system of claim 6, wherein the server includes 
means for updating the expendable passwords stored at the terminal device by transmitting a new 
set of expendable passwords from the server to the terminal device via the network, said terminal 
device further comprising means for receiving a set of passwords from the server via the 

15 network. 

9. In the data communication system of claim 6, said terminal device ftirther 
comprising means for automatically ordering, from the server via the network, a new set of 
expendable passwords for use in logging-on to the service when each of the passwords stored at 

20 the terminal device has been used to remotely log-on to the service from the terminal device. 
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10. In Uie data commumcation system of claim 6, said storage means of said 
terminal device comprising means for storing a plurality of sets of expendable passwords, each 
said stored set of expendable passwords comprising a plurality of expendable passwords for use 
in remotely accessing a corresponding one of a plurality of services remotely-accessible by the 
user of the terminal device. 

11. In the data communications system of claim 10, said selecting means 
comprising means for automatically selecting, from a one of the plurality of stored sets of 
expendable passwords for use with the corresponding one of the plural services to be accessed by 
the user, a one of the expendable passwords from said one set for use in logging-on to the 
corresponding one of the plural services. 

12. In the data communication system of claim 6, wherein the network 
comprises a wired telecommunication network, and wherein said terminal device comprises a 
telephone set in the wired network. 

13. In the data communication system of claim 6, wherein the network is a 
mobile communication network, and wherein said terminal device comprises a mobile station of 
the mobile network. 

14. In the data commumcation system of claun 13, wherein the network is a 
GSM network and said terminal device comprises a GSM mobile telephone, said terminal device 
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further comprising a subscriber identity module that implements said selecting means and said 
adding means in software on said subscriber identity module. 

15. In the data communication system of claim 14, said software on the 
subscriber identity module fiirther comprising means for identifying the service by a telephone 
number entered by the user at the terminal device to access the service, and said adding means 
fiirther comprising means for appending, to the telephone number, a predetermined number of 
digits characterizing the one of the stored passwords selected by said selecting means. 

16. In the data communication system of claim 14, said subscriber identity 
module further comprising a service directory storing information specifying a plurality of 
services accessible by the user of the terminal device, service identifier data for each of the 
accessible services, and password file names to be uses in conjunction with remote user access to 
the plural services. 

17. In the data communication system of claim 16, said service directory 
further comprising a pointer for each of the plural services and arranged to point to a first unused 
password in the set of passwords to be used to attain access to a corresponding service and to be 
updated to point to a sequentially-next unused password in the set of passwords for the 
corresponding service as each stored password is used to access the corresponding service. 
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18. In the data communication system of claim 14, said software on the 
subscriber identity module further comprising means for automatically ordering, from the server 
via the network using the short-message service (SMS-PP service) of the GSM network, a new 
set of expendable passwords for use in logging-on to the service when each of the passwords 
stored at the terminal device has been used to remotely log-on to the service from the terminal 
device, and for receiving the new set of expendable passwords fransmitted from the server using 
the short-message service. 
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ABSTRACT OF THE DISCT.OSTTRR 

A procedure and a data communication system in which a service provider 
provides to a remote user of a service a set of expendable passwords for use by the user in 
accessing the service via a telecommunication and/or data network. The user's terminal device is 
provided with means for automatically transmitting a password at log-on to the service, and a 
server to which the terminal device sets up a connection includes means for identifying the 
password and for allowing or denying access to the service on the basis of the supplied password. 
The termmal device further includes means for storing a set of passwords and for selecting, at 
log-on to a predetermined service, the correct password from the stored set of passwords for 
automatic addition of the password to a connection setup signal transmitted from the terminal 
device to the server. 
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Prior Foreign Application: Country: Finland 

Appln. No.: 973528 
Filed: August 27, 1997 

Prior Foreign Application: Country: PCT 

Appln. No.: PCT/FI98/00653 
Filed: August 25, 1998 



I hereby appoint die foUowing attorneys and/or agents to prosecute this appUcation and to 
tiransact all business in die Patent and Trademark Office connected tiierewitii: 
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MYRON COHEN, Reg. No. 17,358; THOMAS C. PONTANI, Reg. No. 29,763; LANCE 
J. UEBERMAN, Reg. No. 28,437; MARTIN B. PAVANE, Reg. No. 28,337; MICHAEL 
C. STUART, Reg. No. 35,698; KLAUS P. STOFFEL, Reg. No. 31,668; EDWARD M 
WEISZ, Reg. No. 37,257; CHI K. ENG, Reg. No. 38,870; JULL\ S. KIM, Reg No 
36,567; VINCENT M. FAZZARI, Reg. No. 26,879; ALFRED W. FROEBRICH, Reg No 
38,887; ANDRES N. MADRID, Reg. No. 40,710; KENT H. CHENG, Reg. No. 33,849- 
GEORGE WANG, Reg. No. 41,419; JEFFREY M. NAVON, Reg. No. 32,711 and TZVI 
HIRSHAUT, Reg. No. 38,732; 

Address aU telephone calls to Lance J. Lieberman, Esq. at telephone No. (212) 687-2770. 

Address all correspondence to: 

Lance J. Lieberman, Esq. 
Cohen, Pontani, Lieberman & Pavane 
551 Fifth Avenue, Suite 1210 
New York, New York 10176 

I hereby declare that all statements made herein of my own knowledge are true and that all 
statements made on mformation and belief are believed to be true; and further that these 
statements were made with the knowledge that wiUfiil felse statements and the like so made are 
punishable by fine or imprisonment, or both, under Section 1001 of Title 18 of the United States 
Code and that such willful false statements may jeopardize the validity of the application or any 
patent issued thereon. 

Full Name of Sole or First Inventor: Janne LINKOLA 

Inventor's signature: 

Dated: 

Month/Day/Year 

Residence: Oikokatu 9A 3, FIN-00170 Helsinki, Finland 

Citizenship: Finland 

Post Office Address: Oikokatu 9 A 3 

FIN-00170 Helsmki, Finland 
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Full Name of Second Joint Inventor: Tuomo HOKKANEN 

Inventor's signature: 

Dated: 



Month/Day A^ear 

Residence: Stromsinlahdenkuja 2 A 13, FIN-00820 Helsinki, Finland 

Citizenship: Finland 

Post Office Address: Stromsinlahdenkuja 2 A 13 
FIN-00820 Helsinki, Finland 
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